User devices like personal computers, laptop computers, or mobile phones are more and more developing from a very specialized area of pure computing or pure telephony to devices that provide a multitude of services. Especially for mobile phones, this trend has accelerated and versions of modern mobile phones are already available that offer beside telephony services additionally data services like Multimedia Messaging Services (MMS), MP3 music playback, video streaming, mobile gaming and the like. Furthermore, with the introduction of integrated or attachable cameras, such user devices are no longer restricted to the usage of received data but can also generate data of their own like taking a photo or recording a video and/or audio sequence.
With the possibility to use generated and/or received content on a user device, there is a need to control the usage of the content. The Open Mobile Alliance (OMA) is a standardization instance that partly addresses this need, see OMA Download Architecture Version 1.0 Version 10 Jun. 2002, OMA Digital Rights Management Version 1.0 Version 5 Sep. 2002, and OMA Rights Expression Language Version 1.0 Version 13 Sep. 2002.
The OMA architecture consists of two basic-functionalities, i.e. firstly “Download” specifying how to download content in form of media objects from a download server in a network to a download agent included in the user device. Secondly, it addresses “Digital Rights Management” (DRM), i.e. mechanisms to control the usage of the content on the user device. For download of DRM protected content which is in the framework of OMA defined as content wrapped in a DRM container or a DRM message or encrypted by a symmetric content encryption key, a DRM packager providing the DRM protected content to the download server is used. A DRM agent on the user device handles the DRM protected content according to usage rights given in a rights object referencing to the DRM protected content and acts as a usage rights enforcement entity.
A rights object carrying usage rights for instructing the DRM agent on the user device how to use the content can be received by the user device together with the DRM protected content or separately according to “combined delivery” or “separate delivery”, respectively.
When DRM protected content and its associated rights object are received separately from a server at a user device, the user device can have the possibility to forward the DRM protected content according to a process called “superdistribution” to a recipient device. The rights object, however, cannot be forwarded with the DRM protected content to the recipient device but must be loaded to the recipient device from the same server acting as rights server.
Superdistribution enables a user device to forward downloaded DRM protected content to a recipient device. However, it does not provide any control by said superdistributing user device and/or by it's user about the rights object for the superdistributed DRM protected content. Furthermore, OMA-DRM vers. 1.0 based solutions are generally not applicable to content generated at a user device.
Microsoft® Windows® Server™ 2003 White Paper—Technical Overview of Microsoft Windows Rights Management in the Enterprise, Microsoft Corporation, published June 2003 on the Internet, describes a solution for controlling of the usage of content generated by a user at a user device in form of a computer. The user defines usage rights like e.g. permissions to view, copy, print, save, store, forward, and modify the content. The usage rights can also specify conditions such as an expiration time of the usage rights and applications and entities that are excluded from accessing the content. A Rights Management (RM)-enabled application on the user device encrypts the content with a symmetric key, binds the encrypted content with a publishing license comprising the defined usage rights and sends the encrypted content including the publishing license to a recipient device in form of a further computer with a further RM-application. Before using the content at the recipient device, the recipient device must send the publishing license to a RM server for requesting an issuance of a use license that specifies the usage rights of the further computer with respect to the received content. The publishing license and the use license can be different from each other as the RM server adds conditions to the use license as the expiration of the use license or an application or operating system exclusion. Only after a validation by the RM server that the operator of the recipient device is authorized and after checking the identity of the operator, the use license is created and sent by the RM server to the recipient device, which subsequently decrypts the content and uses the content according to the use license.
However, this solution is problematic as a third entity, i.e. the RM server, is allowed to alter the usage rights specified by the user of the user device. Furthermore, it is not optimal from a privacy point of view as the RM server gains knowledge about the receiver of the content. In addition, the method is rather complicated involving many encryption, decryption, verification and validation steps and message exchanges before allowing the recipient device to use the content.
Thus, both known solutions provide only limited control about the usage of the content at the recipient device. Furthermore, their limitations to either DRM protected or content generated at a user device is very inconvenient, e.g. a user that wants to have an all-in-one solution being applicable for both DRM protected and content generated at the user device cannot be served appropriately.